Fortinet white logo
Fortinet white logo

FortiGate-7000E Administration Guide

FIM-7904E interface module

FIM-7904E interface module

The FIM-7904E interface module is a hot swappable module that provides data, management, and session sync/heartbeat interfaces, base backplane switching, and fabric backplane session-aware load balancing for a FortiGate 7000E series chassis. The FIM-7904E includes an integrated switch fabric and DP2 processors to load balance millions of data sessions over the chassis fabric backplane to FPM processor modules. The FIM-7904E also includes a 1Gbps base backplane channel for base backplane management communication with each FPM module in the chassis, one 40Gbps fabric backplane channel for fabric backplane communication with the FIM module(s) in the chassis, and a second 1Gbps base backplane channel for base backplane communication with the FIM module(s) in the chassis.

The FIM-7904E can be installed in any FortiGate 7000E series chassis in chassis hub/switch slots 1 or 2. The FIM-7904E provides four Quad Small Form-factor Pluggable plus (QSFP+) interfaces for a FortiGate 7000E chassis. Using a 40GBASE-SR10 multimode QSFP+ transceiver, each QSFP+ interface can also be split into four 10GBASE-SR interfaces.

You can also install FIM-7904Es in a second chassis and operate the chassis in HA mode to provide chassis failover protection.

FIM-7904E front panel

FIM-7904E front panel interfaces

You connect the FIM-7904E to your 40Gbps networks using the B1 to B8 front panel QSFP+ interfaces. The front panel also includes M1 and M2 SFP+ interfaces for the base channel, four Ethernet management interfaces (MGMT1 to MGMT4), and a USB port. The USB port can be used with any USB key for backing up and restoring configuration files.

Connector Type Speed Protocol Description
B1 to B8 QSFP+ 40Gbps/10Gbps Ethernet Eight front panel 40GigE QSFP+ fabric channel interfaces. These interfaces are connected to 40Gbps networks to distribute sessions to the FPM processor modules installed in chassis slots 3 and up. Using 40GBASE-SR10 multimode QSFP+ transceivers, each QSFP+ interface can also be split into four 10GBASE-SR interfaces. These interfaces also support creating link aggregation groups (LAGs) that can include interfaces from both FIM-7904Es.
M1 and M2 SFP+ 10Gbps/1Gbps Ethernet Two front panel 10GigE SFP+ interfaces that connect to the base backplane channel. These interfaces are used for heartbeat, session sync, and management communication between FIM-7904Es in different chassis. These interfaces can also be configured to operate as Gigabit Ethernet interfaces using SFP transceivers, but should not normally be changed. If you use switches to connect these interfaces, the switch ports should be able to accept packets with a maximum frame size of at least 1526. The M1 and M2 interfaces need to be on different broadcast domains. If M1 and M2 are connected to the same switch, Q-in-Q must be enabled on the switch
MGMT1 to MGMT4 RJ-45 10/100/1000Mbps Ethernet Four 10/100/1000BASE-T copper out of band management Ethernet interfaces.
USB USB 3.0 Type A USB 3.0 USB 2.0 Standard USB connector.

Splitting the FIM-7904E B1 to B8 interfaces

Each 40GE interface (B1 to B8) on the FIM-7904Es in slot 1 and slot 2 of a FortiGate 7000E system can be split into 4x10GBE interfaces. You split these interfaces after the FIM-7904Es are installed in your FortiGate 7000E system and the system is up and running. You can split the interfaces of the FIM-7904Es in slot 1 and slot 2 at the same time by entering a single CLI command. Enabling, disabling, or changing the split interfaces configuration requires a system reboot. Fortinet recommends that you split multiple interfaces at the same time according to your requirements to avoid traffic disruption.

Note

You should configure split interfaces on both FortiGate 7000Es before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the secondary FortiGate 7000E from the cluster and change the split interface configuration on both FortiGate 7000Es separately. After the FortiGate 7000Es restart, you can re-form the cluster. This process will cause traffic interruptions.

For example, to split the B1 interface of the FIM-7904E in slot 1 (this interface is named 1-B1) and the B1 and B4 interfaces of the FIM-7904E in slot 2 (these interfaces are named 2-B1 and 2-B4) connect to the CLI of your FortiGate 7000E system using the management IP and enter the following command:

config system global

set split-port 1-B1 2-B1 2-B4

end

After you enter the command, the FortiGate 7000E reboots and when it comes up:

  • The 1-B1 interface will no longer be available. Instead the 1-B1/1, 1-B1/2, 1-B1/3, and 1-B1/4 interfaces will be available.
  • The 2-B1 interface will no longer be available. Instead the 2-B1/1, 2-B1/2, 2-B1/3, and 2-B1/4 interfaces will be available.
  • The 2-B4 interface will no longer be available. Instead the 2-B4/1, 2-B4/2, 2-B4/3, and 2-B4/4 interfaces will be available.

You can now connect breakout cables to these interfaces and configure traffic between them just like any other FortiGate interface.

FIM-7904E hardware schematic

The FIM-7904E includes an integrated switch fabric (ISF) that connects the front panel interfaces to the DP2 session-aware load balancers and to the chassis backplanes. The ISF also allows the DP2 processors to distribute sessions among all NP6 processors on the FPM modules in the same chassis.

The FIM-7904E also includes the following backplane communication channels:

  • One 80Gbps fabric backplane channel to distribute traffic to the FPMs.
  • One 1Gbps base backplane channel for base backplane communication with the FPMs.
  • One 40Gbps fabric backplane channel for fabric backplane communication with the other FIM.
  • One 1Gbps base backplane channel for base backplane communication with the other FIM.
FIM-7904E hardware architecture

FIM-7904E interface module

FIM-7904E interface module

The FIM-7904E interface module is a hot swappable module that provides data, management, and session sync/heartbeat interfaces, base backplane switching, and fabric backplane session-aware load balancing for a FortiGate 7000E series chassis. The FIM-7904E includes an integrated switch fabric and DP2 processors to load balance millions of data sessions over the chassis fabric backplane to FPM processor modules. The FIM-7904E also includes a 1Gbps base backplane channel for base backplane management communication with each FPM module in the chassis, one 40Gbps fabric backplane channel for fabric backplane communication with the FIM module(s) in the chassis, and a second 1Gbps base backplane channel for base backplane communication with the FIM module(s) in the chassis.

The FIM-7904E can be installed in any FortiGate 7000E series chassis in chassis hub/switch slots 1 or 2. The FIM-7904E provides four Quad Small Form-factor Pluggable plus (QSFP+) interfaces for a FortiGate 7000E chassis. Using a 40GBASE-SR10 multimode QSFP+ transceiver, each QSFP+ interface can also be split into four 10GBASE-SR interfaces.

You can also install FIM-7904Es in a second chassis and operate the chassis in HA mode to provide chassis failover protection.

FIM-7904E front panel

FIM-7904E front panel interfaces

You connect the FIM-7904E to your 40Gbps networks using the B1 to B8 front panel QSFP+ interfaces. The front panel also includes M1 and M2 SFP+ interfaces for the base channel, four Ethernet management interfaces (MGMT1 to MGMT4), and a USB port. The USB port can be used with any USB key for backing up and restoring configuration files.

Connector Type Speed Protocol Description
B1 to B8 QSFP+ 40Gbps/10Gbps Ethernet Eight front panel 40GigE QSFP+ fabric channel interfaces. These interfaces are connected to 40Gbps networks to distribute sessions to the FPM processor modules installed in chassis slots 3 and up. Using 40GBASE-SR10 multimode QSFP+ transceivers, each QSFP+ interface can also be split into four 10GBASE-SR interfaces. These interfaces also support creating link aggregation groups (LAGs) that can include interfaces from both FIM-7904Es.
M1 and M2 SFP+ 10Gbps/1Gbps Ethernet Two front panel 10GigE SFP+ interfaces that connect to the base backplane channel. These interfaces are used for heartbeat, session sync, and management communication between FIM-7904Es in different chassis. These interfaces can also be configured to operate as Gigabit Ethernet interfaces using SFP transceivers, but should not normally be changed. If you use switches to connect these interfaces, the switch ports should be able to accept packets with a maximum frame size of at least 1526. The M1 and M2 interfaces need to be on different broadcast domains. If M1 and M2 are connected to the same switch, Q-in-Q must be enabled on the switch
MGMT1 to MGMT4 RJ-45 10/100/1000Mbps Ethernet Four 10/100/1000BASE-T copper out of band management Ethernet interfaces.
USB USB 3.0 Type A USB 3.0 USB 2.0 Standard USB connector.

Splitting the FIM-7904E B1 to B8 interfaces

Each 40GE interface (B1 to B8) on the FIM-7904Es in slot 1 and slot 2 of a FortiGate 7000E system can be split into 4x10GBE interfaces. You split these interfaces after the FIM-7904Es are installed in your FortiGate 7000E system and the system is up and running. You can split the interfaces of the FIM-7904Es in slot 1 and slot 2 at the same time by entering a single CLI command. Enabling, disabling, or changing the split interfaces configuration requires a system reboot. Fortinet recommends that you split multiple interfaces at the same time according to your requirements to avoid traffic disruption.

Note

You should configure split interfaces on both FortiGate 7000Es before forming an FGCP HA cluster. If you decide to change the split interface configuration after forming a cluster, you need to remove the secondary FortiGate 7000E from the cluster and change the split interface configuration on both FortiGate 7000Es separately. After the FortiGate 7000Es restart, you can re-form the cluster. This process will cause traffic interruptions.

For example, to split the B1 interface of the FIM-7904E in slot 1 (this interface is named 1-B1) and the B1 and B4 interfaces of the FIM-7904E in slot 2 (these interfaces are named 2-B1 and 2-B4) connect to the CLI of your FortiGate 7000E system using the management IP and enter the following command:

config system global

set split-port 1-B1 2-B1 2-B4

end

After you enter the command, the FortiGate 7000E reboots and when it comes up:

  • The 1-B1 interface will no longer be available. Instead the 1-B1/1, 1-B1/2, 1-B1/3, and 1-B1/4 interfaces will be available.
  • The 2-B1 interface will no longer be available. Instead the 2-B1/1, 2-B1/2, 2-B1/3, and 2-B1/4 interfaces will be available.
  • The 2-B4 interface will no longer be available. Instead the 2-B4/1, 2-B4/2, 2-B4/3, and 2-B4/4 interfaces will be available.

You can now connect breakout cables to these interfaces and configure traffic between them just like any other FortiGate interface.

FIM-7904E hardware schematic

The FIM-7904E includes an integrated switch fabric (ISF) that connects the front panel interfaces to the DP2 session-aware load balancers and to the chassis backplanes. The ISF also allows the DP2 processors to distribute sessions among all NP6 processors on the FPM modules in the same chassis.

The FIM-7904E also includes the following backplane communication channels:

  • One 80Gbps fabric backplane channel to distribute traffic to the FPMs.
  • One 1Gbps base backplane channel for base backplane communication with the FPMs.
  • One 40Gbps fabric backplane channel for fabric backplane communication with the other FIM.
  • One 1Gbps base backplane channel for base backplane communication with the other FIM.
FIM-7904E hardware architecture